Lucene search
K

72 matches found

Snyk
Snyk
added last week4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation Upgrade...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
added last week4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
added last week5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score
Exploits0References2
OSV
OSV
added last week3 views

GHSA-G5VH-55HW-RXM8 GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Summary The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords the primary use case, the timing difference between a valid and invalid username is approximately...

5.3CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5467 Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation in github.com/authorizerdev/authorizer

Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation in github.com/authorizerdev/authorizer...

5.8AI score
Exploits0References4
EUVD
EUVD
added 2026/06/18 1:51 p.m.8 views

EUVD-2026-37893

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.5AI score0.00097EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 1:51 p.m.11 views

CVE-2026-12539 Docker Sandboxes ICMP egress restriction bypass after daemon restart

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.4AI score0.00097EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/06 5:59 p.m.19 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the redirecturi parameter in multiple endpoints ForgotPassword, MagicLinkLogin, Signup, InviteMembers, OAuthLoginHandler, VerifyEmailHandler which is not validated against AllowedOrigins. An attacker can obtain...

8.6CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.5 views

Malicious Package

Overview cognitoauthorizer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.7 views

CVE-2024-2435

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

4.3CVSS4.3AI score0.00394EPSS
Exploits0References1
Redos
Redos
added 2025/12/03 12:0 a.m.8 views

ROS-20251203-03

A vulnerability in the JMX interface of the Apache Cassandra distributed database management system is related to a flaw in the deserialization mechanism. flaws in the deserialization mechanism. Exploitation of the vulnerability could allow an attacker to implement a man-in-the-middle...

5.4CVSS6.3AI score0.01056EPSS
Exploits0
EUVD
EUVD
added 2025/10/13 1:33 p.m.5 views

EUVD-2025-33747

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies...

8.6CVSS6.4AI score0.00464EPSS
Exploits0References4
OSV
OSV
added 2025/10/13 1:33 p.m.3 views

GHSA-7R7F-9XPJ-JMR7 Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

Summary When using filter authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. Bypass policies whose condition can never pass at runtime were compiled as ORANDcondition, compiledpolicies, NOTcondition. If the condition could never be true at...

8.6CVSS6.7AI score0.00464EPSS
Exploits0References7
NVD
NVD
added 2025/10/10 4:15 p.m.6 views

CVE-2025-48043

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS0.00464EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/10 3:57 p.m.4 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS6.6AI score0.00464EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/10 3:57 p.m.9 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS0.00464EPSS
Exploits0References4
OSV
OSV
added 2025/10/10 3:57 p.m.4 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS5.9AI score0.00464EPSS
Exploits0References9
CVE
CVE
added 2025/10/10 3:57 p.m.11 views

CVE-2025-48043

CVE-2025-48043 describes an Incorrect Authorization vulnerability in the Ash Framework ('ash') that allows authentication bypass via the policy authorizer. The issue is tied to lib/ash/policy/authorizer/authorizer.ex and Elixir.Ash.Policy.Authorizer:strict_filters/2 and affects ash versions prior...

8.6CVSS6.6AI score0.00464EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.6 views

PT-2025-41572

Name of the Vulnerable Software and Affected Versions ash versions prior to 3.6.2 Description An incorrect authorization issue exists in ash-project ash, allowing authentication bypass. The issue is associated with the program files lib/ash/policy/authorizer/authorizer.ex and the...

8.6CVSS6.8AI score0.00464EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-3695

Malware in sbrugna...

6.8CVSS8AI score0.02766EPSS
Exploits0References12
Rows per page
Query Builder